I have looked and cannot find any, but if there is a legal method by which anyone can force an American company to lie to a user about how many devices another user owns or what their keys are, I’d be curious to learn about it.

The government uses extralegal means for this sort of thing all the time. How about the Lavabit case, where the [Edit: FBI] demanded secret access to their SSL keys in order to intercept Snowden’s access to the website?

It was FBI. Two, interesting things happened with that. For one, the FBI countered owner’s argument about damage to his business by revelation of backdoors by telling judge no damage would happen if he was forced to lie about it. Judge agreed. Second, the judge asked the owner for a better solution to the pen register that they could trust. Lavabit owner then tried to score money off FBI for a solution that would take a while to put together. Judge obviously didn’t go with that. My takeaways were that judges might be compelling these companies to lie about backdoors and might tolerate a trustworthy one in place of a pen register.

That led me to start working on high-assurance, lawful intercept as a fallback option in case police state got worse. The first attempt has quotes from the trial along with a preliminary design using government’s recommendations against them:

Lavabit was not subject to a subpoena. The [Edit: FBI] used a pen register order to compel Lavabit to provide “technical assistance necessary to accomplish the installation of the pen register or trap and trace device”.

I think secretly adding a new device to an encrypted chat session has precedence in wiretapping. Banking on the idea that “they can’t force a company to lie” seems very tenuous. Since WhatsApp already doesn’t notify users when the device ID changes, it wouldn’t even be a lie - just an omission.

Good call re pen register, although it was the FBI + a federal judge, not NSA.

WhatsApp does notify users when a public key changes, however, if you enable it in the settings. And even if there were a secret work-around to ignore that setting, the protocol is open, so one could see it via a always-on-VPN / proxy, making it pretty useless as a wiretap mechanism.